After you obtain a SAML token from the vCenter Single Sign-On server, you can use the vSphere Web Services API method LoginByToken to establish a single sign-on session with a vCenter Server. See vCenter Single Sign-On Client Example (JAX-WS) for an example of obtaining a vCenter Single Sign-On token.

At the beginning of a vCenter Single Sign-On session, your client is responsible for the following tasks:

  • Insert the vCenter Single Sign-On token and a timestamp into the SOAP header of the LoginByToken message.
  • Maintain the vCenter Server session cookie. During the login sequence, the server produces an HTTP session cookie to support the persistent connection. Your client must save this cookie and re-introduce it at the appropriate times.
  • If your client later invokes the LoginByToken method, or another login method, the server issues a new session cookie in response. You must have a cookie handler in place to save the cookie for subsequent requests.

The example program uses these general steps:

  1. Call the RetrieveServiceContent method. The method establishes the connection with the vCenter Server and provides access to the SessionManager managed object.
  2. Call the LoginByToken method to authenticate the vCenter session. To send the token to the vCenter Server, the client uses a handler to embed the token and a timestamp in the SOAP header for the message. The client uses an HTTP header handler method to extract the cookie from the vCenter Server response.
  3. Restore the session cookie for future requests. To identify the session started with the LoginByToken method, the client uses a handler to embed the session cookie in the HTTP header.
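
The cookie handling in steps 2 and 3 can be sketched as follows. This is an added example, not the VMware sample program: the class name SessionCookieStore is hypothetical, and the header values in main are constructed sample data.

```java
import java.util.*;

// Added example (not VMware sample code): stores the session cookie between calls.
public class SessionCookieStore {
    // name -> value; a cookie from a later login replaces the earlier one
    private final Map<String, String> cookies = new LinkedHashMap<>();

    // Input: the map JAX-WS exposes under MessageContext.HTTP_RESPONSE_HEADERS.
    public void saveFrom(Map<String, List<String>> responseHeaders) {
        if (responseHeaders == null) return;
        for (Map.Entry<String, List<String>> h : responseHeaders.entrySet()) {
            // Header names are case-insensitive; the status line can have a null key.
            if (h.getKey() == null || !h.getKey().equalsIgnoreCase("Set-Cookie")) continue;
            for (String line : h.getValue()) {
                String pair = line.split(";", 2)[0].trim(); // drop Path, HttpOnly, Secure
                int eq = pair.indexOf('=');
                if (eq > 0) cookies.put(pair.substring(0, eq), pair.substring(eq + 1));
            }
        }
    }

    // Output: a map to put under MessageContext.HTTP_REQUEST_HEADERS before each call.
    public Map<String, List<String>> requestHeaders() {
        if (cookies.isEmpty()) return Collections.emptyMap();
        StringJoiner joined = new StringJoiner("; ");
        cookies.forEach((k, v) -> joined.add(k + "=" + v));
        return Collections.singletonMap("Cookie", Collections.singletonList(joined.toString()));
    }

    public static void main(String[] args) {
        SessionCookieStore store = new SessionCookieStore();
        // Constructed response headers for a first login, then a second login.
        Map<String, List<String>> first = new HashMap<>();
        first.put(null, Collections.singletonList("HTTP/1.1 200 OK"));
        first.put("set-cookie", Collections.singletonList(
                "vmware_soap_session=\"constructed-1\"; Path=/; HttpOnly; Secure"));
        store.saveFrom(first);
        Map<String, List<String>> second = new HashMap<>();
        second.put("Set-Cookie", Collections.singletonList(
                "vmware_soap_session=\"constructed-2\"; Path=/; HttpOnly; Secure"));
        store.saveFrom(second);
        // Only the cookie from the latest login is sent. Values here are constructed;
        // a real session cookie is a credential and should not be printed or logged.
        System.out.println(store.requestHeaders());
    }
}
```

In a JAX-WS client, the response map comes from the port's BindingProvider response context and the request map goes into its request context before the next call.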